Many modern automobiles are controlled not just by the steering wheel, gas pedal, and brakes, but by a proliferation of microcontrollers known as electronic control units (ECUs). ECUs are often connected to the engine, transmission, cruise control, power steering, brakes, timing belts, suspension, and other parts of a vehicle. Because the functioning of all of these systems is crucial to the safety of a vehicle and its occupants, the possibility of a malicious attacker taking control of or spoofing an ECU is a serious threat. An attacker who successfully spoofs ECUs could cause brakes to fail, seriously damage the engine, change the vehicle's speed via cruise control, or endanger the vehicle and its occupants in a variety of other ways.
In most implementations, ECUs communicate using a controller area network (CAN). CAN networks do not intrinsically support any security features, meaning that any defense against attackers must be programmed into ECUs or added by an external service. While ECUs are extensively tested for automotive safety, they are typically not designed to be resistant to malicious electronic attacks. Traditional security systems design for other kinds of networks and computing devices may be entirely inadequate at securing electronic components of vehicles. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for detecting suspicious microcontroller messages.